encryption

Pierluigi Paganini August 04, 2014
Tens of thousands of Mozilla developers emails and password exposed

Mozilla Security Team announced the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users. Bad news for tens of thousands of Mozilla developers, their email addresses and encrypted passwords were accidentally exposed. The news was reported in blog post published on the official Mozilla Security Blog, the risk is […]

Pierluigi Paganini August 02, 2014
Al-Qaeda usage of encryption after Snowden leaks (Part 2)

Web Intelligence experts at Recorded Future issued the second part of the analysis on the usage of encryption by Al-Qaeda after the Snowden leaks. In May 2014 web intelligence firm Recorded Future published an interesting research on the use of encryption made by Al-Qaeda after the Snowden leaks. The study reported that members of Al-Qaeda are developing […]

Pierluigi Paganini June 06, 2014
New critical flaws discovered in OpenSSL, patch now

The OpenSSL Foundation has fixed a series of new vulnerabilities, two of them considered critical. Organizations are invited to apply patches asap. The Open SSL has provided a collection of updates for its libraries to fix a series of new vulnerabilities recently reported. The exact number of vulnerabilities affecting OpenSSL is 6 and two of them are […]

Pierluigi Paganini June 05, 2014
The GnuTLS Hello flaw leaves vulnerable SSL clients

Experts at security firm Codenomicon discovered a critical buffer overflow vulnerability in the implementation of the GnuTLS software. GnuTLS, a free software implementation of SSL/TLS/DTLS protocols, it offers a set of application programming interface (API) to enable secure communication over their network transport layer. News of the day is that the widely used cryptographic library is vulnerable […]

Pierluigi Paganini May 29, 2014
Encryption Tool TrueCrypt shuts down mysteriously. Is it unsecure?

Encryption Tool TrueCrypt shuts down mysteriously, a message on the official SourceForge-hosted page is encouraging users to adopt Microsoft Bitlocker. TrueCrypt, another myth is falling down? Many TrueCrypt users have had a nasty surprise visiting the TrueCrypt page at SourceForge, the page content warns visitors that the open source encryption software is not secure and that its […]

Pierluigi Paganini May 21, 2014
Outlook Android App stores emails in plain text on mobile

Researchers at Include Security discovered that the Outlook.com Android App leaves user email messages unprotected by default on the mobile SD cards. A Microsoft Outlook client app for the Android platform lacks of encryption for the storage of email messages on the device’s SD cards. The unique protection mechanism implemented for the Outlook app is a […]

Pierluigi Paganini May 16, 2014
Al-Qaeda is developing new Encryption tools in response to NSA surveillance

Recorded Future published a report to show that members of Al-Qaeda are developing a series of new encryption software in response to NSA surveillance. The revelation based on the document leaked by Edward Snowden on the NSA surveillance programs have had also a serious impact on the methods of terrorist organizations like Al-Qaeda. The information revealed […]

Pierluigi Paganini May 11, 2014
AirChat project supported by Anonymous to secure communications

Entities claiming to be part of Anonymous collective are working to put together a secure communications project named Airchat based on ham-radio Fldigi modem controller. Entities claiming Anonymous affiliation are supporting the AirChat project, available for consultation on the Github, for the design of  a secure communication based on the open source ham-radio Fldigi modem controller. “We traded bandwidth for freedom, or […]

Pierluigi Paganini May 10, 2014
Heartbleed one month later, at least 300k servers are still vulnerable

Security researcher Robert Graham published the results of recent global scan searching for Heartbleed vulnerable systems. 300k systems are still vulnerable Heartbleed flaw is a bug disclosed more than a month ago, which affected OpenSSL library with serious repercussion on most common encryption services we daily use. Encrypted communications, mobile platforms, VPN and Tor networks are just a […]

Pierluigi Paganini May 02, 2014
Be aware, Apple iOS Data protection doesn’t protect email attachments

Security Researcher Andreas Kurtz noticed that email attachments within different iOS versions are not protected by Apple’s data protection mechanisms. Mobile platform security is becoming even more crucial due to the large number of applications daily used by billion of users, but we must be aware of security flaws that could also affect the mobile OS. […]